Generally, banks and/or financial organizations provide portals for performing various activities. Such activities include at least one of an interaction with a customer, login, t ransaction, event functioning etc. For the customer to perform such activities in the portal they need to furnish one or more credentials. These credentials may be considered as a first level of authentication. Such credentials may include a login user-id for the customer and a dedicated password. However, the first level of authentication for performing such activities are more prone to security risk as the criticality of the activities are higher when compared to other activities organized through an e-commerce and any other online usage. The higher security risk makes it essential to have strong authentication methods. Thus, such web application usage i.e. through accessing portal and others systems provides a need for a second level authentication.
The second level authentication is usually carried out by a token generated through a device or client side software in the portal. These methods pose significant disadvantages such as increased cost for providing the token generating device, installing the software on customer's machine, integrating the software with existing system.
Technically, to secure the activities on portal the authentication process are executed in two levels. In the second level authentication step, the user is asked to input a secondary password dedicated for this purpose along with the user credentials such as the user-id and the dedicated password or it is executed with the secondary password generated by the device that the customer may possess. Some portals may require the customer to enter a combination of the customer details such as birth date, address etc. Some services send the second level password to the customer by text, message, e-mail or other communication means. Few portals may require the customer to send text messages in a prescribed format after finishing the first level of authentication.
The second level of authentication may also be performed through text messages. But, the websites that offers second level of authentication such as way2sms provides sending text messages without possessing a mobile phone.
All such mechanism toughed in the prior art for securing activities of the customer in the portal by the second level authentication pose one or more problem. Such problem may include the further increase in security, as the secondary password is generally communicated through a non encrypted means. Accordingly there is a need for providing stronger second level authentication with reduced cost.